Posted 16 August 2006 - 10:09 PM
I want to check that an SQL statement is of the form
INSERT INTO table (cols) VALUES (values)
INSERT INTO table (cols) VALUES (values), (morevalues), (moreagain)
i.e. Only one set of values is being used (nobody has injected an extra row in there)
but when I imagine how the regexp would look I can only imagine something like (.*) which could still be "(x), (y), (z)".
How does this work?
Posted 17 August 2006 - 12:09 PM
Any data you process from a form should be checked to see if they are trying to inject - using mysql_escape_string or mysql_escape_real_string are what you need.
Posted 17 August 2006 - 01:15 PM
Where did I say I wanted to let them inject SQL??? That would just be stupid, I am trying to check they AREN'T injecting.
I was interested to know how this could be checked using reg exps (as well as the mysql functions).
Posted 17 August 2006 - 02:58 PM
So I will accept your apology before you offer it.
There is no point in researching what regex you will need to perform this task - it will be less efficient and less effective than the already available, built for purpose functions.
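An added illustration of the trade-off discussed in this thread (not code from any poster): a loose `(.*)` pattern accepts a three-row statement, a stricter pattern rejects a harmless single row whose text contains parentheses, and keeping values out of the SQL text fixes the statement shape without any pattern. Assumptions: Python with `sqlite3` and a hypothetical `guestbook` table stand in for the thread's PHP/MySQL setting, and bound parameters are swapped in for the escaping functions named above.

```python
import re
import sqlite3

# Loose pattern of the kind the first post imagines: (.*) after VALUES.
LOOSE = re.compile(r"^INSERT INTO \w+ \(.*\) VALUES \(.*\)$", re.I)
# Stricter attempt: no parentheses allowed inside either group.
STRICT = re.compile(r"^INSERT INTO \w+ \([^()]*\) VALUES \([^()]*\)$", re.I)

# Constructed sample statements (hypothetical guestbook table).
ONE_ROW = "INSERT INTO guestbook (name, note) VALUES ('Ann', 'hi')"
THREE_ROWS = "INSERT INTO guestbook (name, note) VALUES ('a', 'b'), ('c', 'd'), ('e', 'f')"
ONE_ROW_PARENS = "INSERT INTO guestbook (name, note) VALUES ('Ann', '(x), (y), (z)')"


def regex_verdicts():
    """Return {pattern name: [accepts ONE_ROW, THREE_ROWS, ONE_ROW_PARENS]}."""
    samples = (ONE_ROW, THREE_ROWS, ONE_ROW_PARENS)
    return {
        "loose": [bool(LOOSE.match(s)) for s in samples],
        "strict": [bool(STRICT.match(s)) for s in samples],
    }


def insert_bound(conn, name, note):
    """Insert one row; the SQL text is constant and values are bound separately."""
    conn.execute("INSERT INTO guestbook (name, note) VALUES (?, ?)", (name, note))


def stored_rows(name, note):
    """Insert the given values into a fresh in-memory table and return all rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE guestbook (name TEXT, note TEXT)")
    insert_bound(conn, name, note)
    rows = conn.execute("SELECT name, note FROM guestbook").fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    print(regex_verdicts())
    print(stored_rows("O'Brien", "(x), (y), (z)"))
```

The regular expressions only see characters, so they cannot tell parentheses inside a quoted value from a second row; the bound insert never has to make that distinction.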